Bug 427368 - <sys-apps/file-5.11: Denial of Service (CVE-2012-1571)
Summary: <sys-apps/file-5.11: Denial of Service (CVE-2012-1571)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: A3 [glsa]
Reported: 2012-07-20 17:26 UTC by GLSAMaker/CVETool Bot
Modified: 2012-09-26 11:44 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2012-07-20 17:26:47 UTC
CVE-2012-1571 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1571):
  file before 5.11 and libmagic allow remote attackers to cause a denial of
  service (crash) via a crafted Composite Document File (CDF) file that
  triggers (1) an out-of-bounds read or (2) an invalid pointer dereference.


@base-system, may we proceed to stabilize =sys-apps/file-5.11 ?
Comment 1 Jeff (JD) Horelick (RETIRED) gentoo-dev 2012-07-21 09:11:36 UTC
x86 stable
Comment 2 Richard Freeman gentoo-dev 2012-07-22 10:48:08 UTC
amd64 stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2012-07-22 14:34:38 UTC
alpha/arm/ia64/m68k/s390/sh/sparc stable
Comment 4 Anthony Basile gentoo-dev 2012-07-22 16:12:04 UTC
ppc/ppc64 stable
Comment 5 Jeroen Roovers (RETIRED) gentoo-dev 2012-07-22 17:47:12 UTC
Stable for HPPA.
Comment 6 Sean Amoss (RETIRED) gentoo-dev Security 2012-07-22 17:50:10 UTC
Thanks, everyone.

GLSA draft is ready for review.
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2012-09-26 11:44:25 UTC
This issue was resolved and addressed in
 GLSA 201209-14 at http://security.gentoo.org/glsa/glsa-201209-14.xml
by GLSA coordinator Sean Amoss (ackle).